Visible to the public Biblio

Filters: Author is Simon Kim, University of Illinois at Urbana-Champaign  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
P
Phuong Cao, University of Illinois at Urbana-Champaign, Ravishankar Iyer, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Eric Badger, University of Illinois at Urbana-Champaign, Surya Bakshi, University of Illinois at Urbana-Champaign, Simon Kim, University of Illinois at Urbana-Champaign, Adam Slagell, University of Illinois at Urbana-Champaign, Alex Withers, University of Illinois at Urbana-Champaign.  2016.  Preemptive Intrusion Detection – Practical Experience and Detection Framework.

Using stolen or weak credentials to bypass authentication is one of the top 10 network threats, as shown in recent studies. Disguising as legitimate users, attackers use stealthy techniques such as rootkits and covert channels to gain persistent access to a target system. However, such attacks are often detected after the system misuse stage, i.e., the attackers have already executed attack payloads such as: i) stealing secrets, ii) tampering with system services, and ii) disrupting the availability of production services.

In this talk, we analyze a real-world credential stealing attack observed at the National Center for Supercomputing Applications. We show the disadvantages of traditional detection techniques such as signature-based and anomaly-based detection for such attacks. Our approach is a complement to existing detection techniques. We investigate the use of Probabilistic Graphical Model, specifically Factor Graphs, to integrate security logs from multiple sources for a more accurate detection. Finally, we propose a security testbed architecture to: i) simulate variants of known attacks that may happen in the future, ii) replay such attack variants in an isolated environment, and iii) collect and share security logs of such replays for the security research community.

Pesented at the Illinois Information Trust Institute Joint Trust and Security and Science of Security Seminar, May 3, 2016.